
CISOs Want Influence—But Trust Has to Come First


Executives don’t need another cybersecurity pitch. They need results.


The CISO Report 2025 from Splunk has sparked widespread discussion across cybersecurity media. The dominant narrative? CISOs are gaining more influence in the boardroom.

But beneath the headlines, familiar struggles persist. Many CISOs still face budget constraints, lack essential soft skills, and experience daily job dissatisfaction.

None of this is new. Most CISOs come from technical backgrounds, and the corporate boardroom—full of politics, strategy, and business priorities—isn’t their natural environment.

The Comfort Zone Trap

Having spent over 25 years in cybersecurity and a decade writing about leadership and governance, I’ve had countless conversations with security professionals about this challenge.

Even those who acknowledge cybersecurity as a business issue often retreat to their technical roots when faced with uncertainty. It’s their comfort zone. But in high-stakes executive discussions, this creates a disconnect. Without trust, CISOs struggle to influence decision-makers.

The fundamental issue? Cybersecurity is still seen as a technical discipline—when in reality, it never has been and never can be.

Logic vs. Business Reality

Many CISOs approach interactions with senior executives as a debate to be won through logic, data, and ROI calculations. They dismiss “fear, uncertainty, and doubt” as outdated and prefer a rational, numbers-driven approach.

But this is the wrong battle. The resistance they face isn’t rooted in a lack of understanding or logic—it’s driven by corporate short-termism and deep-seated cognitive biases.

Executives don’t need another PowerPoint explaining the risks. They already know cyberattacks are inevitable and can be catastrophic. They’ve seen it happen to competitors. Many have lived through crises themselves.

To them, cybersecurity isn’t an isolated concern—it’s just one of many threats to the business, alongside economic downturns, regulatory changes, and supply chain disruptions.

Breaking the Deadlock

Business leaders aren’t looking for CISOs to tell them what needs to be done. They want it done. And after two decades of rising cybersecurity budgets, they’re tired of hearing the same requests for more funding and grand transformation plans that never fully materialize.

CISOs must shift their focus from justifying security needs to proving they can deliver with the resources they have. Consistent, effective execution builds trust. And trust—not spreadsheets or scare tactics—is what unlocks greater influence, better budgets, and long-term success.

That’s the real engine CISOs should be building.




JC Gaillard is the Founder and CEO of Corix Partners, a London-based Boutique Management Consultancy Firm and Thought-Leadership Platform, focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

He is a leading strategic advisor and a globally-recognised cyber security thought-leader with over 25 years of experience developed in several financial institutions in the UK and continental Europe, and a track-record at driving fundamental change in the Security field across global organisations, looking beyond the technical horizon into strategy, governance, culture, and the real dynamics of transformation.

French and British national permanently established in the UK since 1993, he holds an Engineering Degree from Telecom Paris and has been co-president of the Cyber Security group of the Telecom Paris alumni association since May 2016.



